
[tor-announce] [RELEASE] Tor stable 0.4.8.18 and alpha 0.4.9.3-alpha



Greetings,

We just released 0.4.8.18 stable and 0.4.9.3-alpha:

https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578

Here is the ChangeLog for both. Cheers!

Changes in version 0.4.9.3-alpha - 2025-09-16
  This is the third alpha release and likely the last before going stable.
  This release contains the new CGO circuit encryption. See proposal 359 for
  more details. It also includes several minor TLS fixes which will strengthen
  the link security.

  o New system requirements:
    - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
      Part of ticket 41059.
    - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
      (We strongly recommend 3.0 or later, but still build with 1.1.1,
      even though it is not supported by the OpenSSL team, due to its
      presence in Debian oldstable.) Part of ticket 41059.

  o Major features (cell format):
    - Tor now has (unused) internal support to encode and decode relay
      messages in the new format required by our newer CGO encryption
      algorithm. Closes ticket 41051. Part of proposal 359.

  o Major features (cryptography):
    - Clients and relays can now negotiate Counter Galois Onion (CGO)
      relay cryptography, as designed by Jean Paul Degabriele,
      Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
      provides improved resistance to several kinds of tagging attacks,
      better forward secrecy, and better forgery resistance. Closes
      ticket 41047. Implements proposal 359.

  o Major bugfixes (onion service directory cache):
    - Preserve the download counter of an onion service descriptor
      across descriptor uploads, so that recently updated descriptors
      don't get pruned if there is memory pressure soon after update.
      Additionally, create a separate torrc option MaxHSDirCacheBytes
      that defaults to the former 20% of MaxMemInQueues threshold, but
      can be controlled by relay operators under DoS. Also enforce this
      threshold during HSDir uploads. Fixes bug 41006; bugfix
      on 0.4.8.14.

  o Minor features (security):
    - Increase the size of our finite-field Diffie Hellman TLS group
      (which we should never actually use!) to 2048 bits. Part of
      ticket 41067.
    - Require TLS version 1.2 or later. (Version 1.3 support will be
      required in the near future.) Part of ticket 41067.
    - Update TLS 1.2 client cipher list to match current Firefox. Part
      of ticket 41067.

  o Minor features (security, TLS):
    - When we are running with OpenSSL 3.5.0 or later, support using the
      ML-KEM768 for post-quantum key agreement. Closes ticket 41041.

  o Minor feature (client, TLS):
    - Set the TLS 1.3 cipher list instead of falling back on the
      default value.

  o Minor feature (padding, logging):
    - Reduce the amount of messages being logged related to channel
      padding timeout when log level is "notice".

  o Minor features (bridges):
    - Save complete bridge lines to 'datadir/bridgelines'. Closes
      ticket 29128.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on September 16, 2025.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2025/09/16.

  o Minor features (hidden services):
    - Reduce the minimum value of hsdir_interval to match recent tor-
      spec change.

  o Minor features (hsdesc POW):
    - Tolerate multiple PoW schemes in onion service descriptors, for
      future extensibility. Implements torspec ticket 272.

  o Minor features (performance TLS):
    - When running with OpenSSL 3.0.0 or later, support using
      X25519 for TLS key agreement. (This should slightly improve
      performance for TLS session establishment.)

  o Minor features (portability):
    - Fix warnings when compiling with GCC 15. Closes ticket 41079.

  o Minor bugfix (conflux):
    - Remove the pending nonce if we realize that the nonce of the
      unlinked circuit is not tracked anymore. Should avoid the non
      fatal assert triggered with a control port circuit event. Fixes
      bug 41037; bugfix on 0.4.8.15.

  o Minor bugfixes (bridges, pluggable transport):
    - Fix a bug causing the initial tor process to hang instead of
      exiting with RunAsDaemon, when pluggable transports are used.
      Fixes bug 41088; bugfix on 0.4.9.1-alpha.

  o Minor bugfixes (circuit handling):
    - Prevent circuit_mark_for_close() from being called twice on the
      same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev.
    - Prevent circuit_mark_for_close() from being called twice on the
      same circuit. Second fix attempt. Fixes bug 41106; bugfix
      on 0.4.8.17.

  o Minor bugfixes (compilation):
    - Fix linking on systems without a working stdatomic.h. Fixes bug
      41076; bugfix on 0.4.9.1-alpha.

  o Minor bugfixes (compiler warnings):
    - Make sure the two bitfields in the half-closed edge struct are
      unsigned, as we're using them for boolean values and assign 1 to
      them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.

  o Minor bugfixes (logging, metrics port):
    - Count BUG statements for the MetricsPort only if they are warnings
      or errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch
      contributed by shadowcoder.

  o Minor bugfixes (protocol):
    - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
      messages. Previously, it was always set to the maximum value.
      Fixes bug 41056; bugfix on 0.4.8.1-alpha.

  o Minor bugfixes (relay):
    - Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes
      bug 41043; bugfix on 0.4.9.2-alpha.

  o Minor bugfixes (threads):
    - Make thread control POSIX compliant. Fixes bug 41109; bugfix
      on 0.4.8.17-dev.

  o Removed features:
    - Relays no longer support clients that falsely advertise TLS
      ciphers they don't really support. (Clients have not done this
      since 0.2.3.17-beta). Part of ticket 41031.
    - Relays no longer support clients that require obsolete v1 and v2
      link handshakes. (The v3 link handshake has been supported since
      0.2.3.6-alpha). Part of ticket 41031.


Changes in version 0.4.8.18 - 2025-09-16
  This is a minor release with a major onion service directory cache (HSDir)
  bug fix. It includes a series of minor bugfixes as well. As always, we
  strongly recommend upgrading as soon as possible.

  o Major bugfixes (onion service directory cache):
    - Preserve the download counter of an onion service descriptor
      across descriptor uploads, so that recently updated descriptors
      don't get pruned if there is memory pressure soon after update.
      Additionally, create a separate torrc option MaxHSDirCacheBytes
      that defaults to the former 20% of MaxMemInQueues threshold, but
      can be controlled by relay operators under DoS. Also enforce this
      threshold during HSDir uploads. Fixes bug 41006; bugfix
      on 0.4.8.14.

  o Minor feature (padding, logging):
    - Reduce the amount of messages being logged related to channel
      padding timeout when log level is "notice".

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on September 16, 2025.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2025/09/16.

  o Minor bugfix (conflux):
    - Remove the pending nonce if we realize that the nonce of the
      unlinked circuit is not tracked anymore. Should avoid the non
      fatal assert triggered with a control port circuit event. Fixes
      bug 41037; bugfix on 0.4.8.15.

  o Minor bugfixes (circuit handling):
    - Prevent circuit_mark_for_close() from being called twice on the
      same circuit. Second fix attempt. Fixes bug 41106; bugfix
      on 0.4.8.17.

  o Minor bugfixes (threads):
    - Make thread control POSIX compliant. Fixes bug 41109; bugfix
      on 0.4.8.17-dev.


-- 
7foVekONn2ef4TNka+FUrpiKMgHwqW5UJwOt0iGfiXQ=
